Security Roles and Responsibilities In Security Governance

A security role is the part an individual plays in an organization's overall security implementation and administration. This tutorial covers the different security roles and responsibilities in an organization.

Senior Manager

The Senior Manager is responsible for all of the organization's security. The Senior Manager has the following roles and responsibilities:

Sign off all policy issues

Endorse security policy

Sole responsibility for security failure or success

Tracking security solutions

Security Professional

Security Professionals are the workhorses of security in an organization. Implementation relies mainly on Security Professionals. Security Professionals may have the following roles and responsibilities:

Have functional responsibility of security

Writing security policies

Implementing security policies

Designing security solutions

Data Owner

The Data Owner is the role that actually owns the corporate data in an organization. This is generally an upper-level manager who is responsible for the given operations. However, managers generally do not manage operations themselves, so they delegate this responsibility to the Data Custodian.

Data Custodian

The Data Custodian role is responsible for implementing the protection measures prescribed by security policy and senior management. The Data Custodian generally receives this delegation from upper-level managers.

User

The User is the consumer of services and data, with little or no privileges. Users should comply with the security protections and standards provided by the organization.

Auditor

The Auditor is the role for reviewing and verifying security policy implementation and operations. An Auditor should have some related or special training for the part he audits. Auditors generally provide reports about their audits to the managers.